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IN THE CLAIMS 

Please amend claims 1,9, 13, and 21 as follows: 

1 . (Currently Amended) A public key infrastructure (PKI) comprising: 
a subject; 

a certificate authority issuing a first unsigned certificate to the subject that 
associatesb iftds a public key of the subject to long-term identification information related to 
the subject, the certificate authority maintaining a database of records representing issued 
unsigned certificates in which it stores a record representing the first unsigned certificate,, 
wherein the issued unsigned certificates are valid until at least one of revoked by the 
certificate authority and expired ; and 

a verifier maintaining a hash table containing cryptographic hashes of valid unsigned 
certificates corresponding to the_records stored in the database and including a cryptographic 
hash of the first unsigned certificate, wherein the subject presents the issued first unsigned 
certificate to the verifier for authentication and demonstrates that the subject has knowledge 
of a private key corresponding to the public key in the unsigned certificate. 

2. (Original) The PKI of claim 1 wherein the first unsigned certificate includes an 
expiration date/time. 

3. (Original) The PKI of claim 1 wherein the first unsigned certificate does not include 
an expiration date/time. 

4. (Original) The PKI of claim 1 wherein the private key is stored in a smartcard 
accessible by the subject. 

5. (Original) The PKI of claim 1 wherein the private key is stored in a secure software 
wallet accessible by the subject. 

6. (Original) The PKI of claim 1 wherein the verifier computes the cryptographic hash 
of the first unsigned certificate with a collision-resistant hash function. 
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7. (Original) The PKI of claim 6 wherein the collision-resistant hash function is a SHA- 
1 hash function. 

8. (Original) The PKI of claim 6 wherein the collision-resistant hash function is a MD5 
hash function. 

9. (Currently Amended) The PKI of claim 1 wherein the certificate authority and the 
verifier operate to revoke the first unsigned certificate when the association binding of the 
subject's public key to the long-term identification information related to the subject becomes 
invalid. 

10. (Previously Presented) The PKI of claim 9 wherein the certificate authority and the 
verifier perform the revocation protocol to revoke the first unsigned certificate, the revocation 
protocol including: 

the certificate authority retrieving a record representing the first unsigned certificate 
from the database and obtaining a cryptographic hash of the first unsigned certificate; 

the certificate authority sending a message to verifier containing the cryptographic 
hash of the first unsigned certificate and requesting that the verifier remove the corresponding 
cryptographic hash of the first unsigned certificate from its hash table; 

the verifier removing the cryptographic hash of the first unsigned certificate from its 
hash table and notifying the certificate authority that it has removed the cryptographic hash of 
the first unsigned certificate from its hash table; and 

the certificate authority collecting the notification sent by the verifier. 

11. (Previously Presented) The PKI of claim 10 wherein the revocation protocol includes 
the certificate authority marking the record of the first unsigned certificate in the database as 
being invalid, for auditing purposes. 

12. (Previously Presented) The PKI of claim 10 wherein the revocation protocol includes 
the certificate authority deleting the record representing the first unsigned certificate from the 
database. 
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13. (Currently Amended) A method of authenticating a subject to a verifier in a public 
key infrastructure (PKI), the method comprising the steps of: 

issuing a first unsigned certificate from a certificate authority to the subject that 
associatesb iftds a public key of the subject to long-term identification information related to 
the subject; ^ 

maintaining, at the certificate authority, a database of records representing issued 
unsigned certificates that are valid until at least one of revoked by the certificate authority 
and expired ; 

storing a record representing the first unsigned certificate in the database; 

maintaining, at the verifier, a hash table containing cryptographic hashes of valid 
unsigned certificates corresponding to the records stored in the database and including a 
cryptographic hash of the first unsigned certificate; 

presenting the issued first unsigned certificate from the subject to the verifier for 
authentication; 

demonstrating, by the subject, that the subject has knowledge of a private key 
corresponding to the public key in the unsigned certificate. 

14. (Original) The method of claim 13 wherein the first unsigned certificate includes an 
expiration date/time. 

15. (Original) The method of claim 13 wherein the first unsigned certificate does not 
include an expiration date/time. 

16. (Original) The method of claim 13 further comprising the step of: 
storing the private key in a smartcard accessible by the subject. 

17. (Original) The method of claim 13 further comprising the step of: 
storing the private key in a secure software wallet accessible by the subject. 

18. (Original) The method of claim 13 further comprising the step of: 

computing, by the verifier, the cryptographic hash of the first unsigned certificate with 
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a collision-resistant hash function. 

19. (Original) The method of claim 18 wherein the collision-resistant hash function is a 
SHA-1 hash function. 

20. (Original) The method of claim 18 wherein the collision-resistant hash function is a 
MD5 hash function. 

21. (Currently Amended) The method of claim 13 further comprising the step of: 
revoking the first unsigned certificate when the association binding of the subject's 

public key to the long-term identification information related to the subject becomes invalid. 

22. (Previously Presented) The method of claim 21 wherein the revoking step includes 
the steps of: 

retrieving the record representing the first unsigned certificate from the certificate 
database and obtaining a cryptographic hash of the first unsigned certificate; 

sending a message from certificate authority to verifier containing the cryptographic 
hash of the first unsigned certificate; 

requesting that the verifier remove the corresponding cryptographic hash of the first 
unsigned certificate from its hash table; 

removing the cryptographic hash of the first unsigned certificate from the hash table; 

notifying the certificate authority that the cryptographic hash of the first unsigned 
certificate is removed from the hash table; and 

collecting, at the certificate authority, the notification sent in the notifying step. 

23. (Previously Presented) The method of claim 22 wherein the revoking step further 
includes: 

marking the record representing the first unsigned certificate in the database as being 
invalid, for auditing purposes. 

24. (Previously Presented) The method of claim 22 wherein the revoking step further 
includes: 
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deleting the record representing the first unsigned certificate from the database. 
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